Blocking Japan with ModSecurity and Maxmind Lite

Accessibility is the magic word for today's blog. If you're lucky enough to run a website, then the whole world has access to it by default!

Now let's imagine that the website you're running is aimed at a geographically specific customer base, such as the USA. You get up one morning, take a look at your web analytics reports, and find that Japan is the second largest source of traffic. At that point you might start thinking about restricting traffic from specific countries that would only waste bandwidth on your server.

This is where our WAF comes in. The Web Application Firewall is based on ModSecurity, an open source WAF for Apache, IIS, and Nginx that protects against a wide variety of attacks and allows for HTTP traffic monitoring and logging.

Update: A newer article on this topic is available here


A prerequisite for this guide is that you would already have the WAF configured with “Rule Engine traffic blocking” enabled on the Loadbalancer.org appliance.


(Screenshot: Edit WAF Gateway)

You can follow page 161 of our Admin guide on how to do so.

You will also require the Maxmind database. Maxmind provide a free IP lookup database. The basic country database is free for personal and business usage providing you do not distribute it. Maxmind normally update their database monthly, so it is a good idea to download their updates regularly.

The official legacy database has been end-of-life'd

The version of ModSecurity (v2) that our appliance uses to provide WAF functionality expects to read the legacy form of the MaxMind database. This format of their database has been end-of-life'd, and is not available for download anymore!

Fortunately, Christoph Hansen, user ‘emphazer’ on GitHub, has developed a script that automatically pulls the latest version of the new format MaxMind database and converts it into the legacy .dat format that we need - amazing! It requires a handful of Python scripts and packages to work, but it will complain if anything is missing which makes it easy to install the requisite packages on various Linux distributions.

The conversion (bash) script is available from this GitHub repository:
https://github.com/emphazer/GeoIP_convert-v2-v1

On our load balancer, we recommend putting the database file in the location:
/usr/local/geo/data/GeoIP.dat

💡 Important: If working with a pair of load balancers, the database should be placed on both appliances.

💡 Note: To update the database file, this process should be periodically re-run on any appliances that use it (on both appliances if working with an HA pair of load balancers).

💡 Note: If the appliance is in 'Secure' mode then the Execute shell command option will not appear. See the Administration Manual for full details on the considerations for disabling 'Secure' mode.

Once this is done you will need to navigate via the WUI to:

Cluster Configuration -> WAF - Manual Configuration


(Screenshot: WAF Manual Configuration)

Select your WAF and apply the sample rule for ModSecurity to block traffic from Japan:

# Point ModSecurity at the legacy-format country database
SecGeoLookupDb /usr/local/geo/data/GeoIP.dat
# Rule 20: drop the connection when the client's country code is JP (both chained rules must match)
SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block Japan IP address'"
SecRule GEO:COUNTRY_CODE "@streq JP"

Update and reload the WAF.

In this example we used Japan, but you can find the full set of country codes on the Maxmind website.
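To make the behaviour of that chained rule concrete, here is an added example (not code from this post, from ModSecurity, or from MaxMind) that models the decision the two SecRule lines make. It replaces the GeoIP.dat lookup with a small constructed table of documentation (RFC 5737) prefixes, so the country mappings are illustrative only, and it generalises the post's single-country case to a set of blocked country codes. The point it shows is the chain semantics: the drop action on the first rule only fires when every rule in the chain matches, so an address the database does not know (private ranges, a freshly allocated prefix, a stale GeoIP.dat) simply passes through rather than being blocked.

```python
"""Added example: model of the chained ModSecurity geo rule from the post,
evaluated against a constructed lookup table instead of MaxMind's GeoIP.dat."""
import ipaddress
from typing import Optional

# Constructed stand-in for the country database: prefix -> ISO country code.
# RFC 5737 documentation ranges are used, so these are not real MaxMind mappings.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "JP"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "DE"),
]

# The post blocks only JP; any further codes from MaxMind's list can be added here.
BLOCKED_COUNTRIES = {"JP"}
RULE_ID = 20
RULE_MSG = "Block Japan IP address"


def geo_lookup(remote_addr: str) -> Optional[str]:
    """Stand-in for the @geoLookup operator: the country code for the address,
    or None when the address is absent from the database (operator does not match)."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return None
    for network, country in GEO_TABLE:
        if addr in network:
            return country
    return None


def evaluate_geo_chain(remote_addr: str) -> dict:
    """Evaluate the chain
         SecRule REMOTE_ADDR "@geoLookup" "chain,id:20,drop,msg:'Block Japan IP address'"
         SecRule GEO:COUNTRY_CODE "@streq JP"
    Returns the resulting action plus the details a WAF log line would carry."""
    country = geo_lookup(remote_addr)
    if country is None:
        # First rule did not match: lookup failed, GEO:COUNTRY_CODE is unset,
        # the chain stops and the request is not dropped.
        return {"action": "pass", "country": None, "rule_id": None, "msg": None}
    if country not in BLOCKED_COUNTRIES:
        # First rule matched, second (@streq JP) did not: chain fails, request passes.
        return {"action": "pass", "country": country, "rule_id": None, "msg": None}
    # Every rule in the chain matched: the disruptive action of the first rule fires.
    return {"action": "drop", "country": country, "rule_id": RULE_ID, "msg": RULE_MSG}


if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.9", "10.0.0.1", "not-an-ip"):
        print(f"{ip:>14} -> {evaluate_geo_chain(ip)}")
```

The "unknown address passes" branch is the one worth remembering when checking the rule in production: a request from a range the database has no entry for produces no match and no log line, which is a good reason to keep GeoIP.dat current on every appliance.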
